ENGR8762 Computer Networks and Cybersecurity 2018 Assessment Paper

ENGR8762 Computer Networks and Cybersecurity 2018
Assessment
This assignment contributes 10% of your overall assessment for the topic. The grading for this
assignment will be according to the University rating scheme [HD, DN, CR, P, F].
Submission
Due Date: Friday 2 November 2018 by 11pm. The assignment should be submitted as a single PDF
file to the assignment space FLO.
Assignment 3
For the following Threat Categories, describe which type of Control should be put in place in an
organisation. Classify the controls as Administrative, Product or Physical, as well as whether the
controls will Prevent, Detect, Correct or Compensate.
Threat Categories
• Accidental corruption of information
• Loss of intellectual property
• Software piracy
• Theft of information (hacker)
• Theft of information (employee)
• Web site defacement
• Theft of equipment
• Viruses, worms, Trojan horses
• Elevation of privilege
• Fire/Flood
For example:
Threat
Category
Control Description Classification Type
DDOS Antivirus To ensure that no malware programs
have been installed that attackers
can use to launch a DDoS attack.
product prevent
Firewall Filtering based on source IP
addresses will prevent SYN flood
DDoS attacks
product prevent
Web application
firewall
A WAF tool can identify and mitigate
application layer attacks
product prevent
detect
Intrusion
detection and
prevention
systems
IDS/IPS use a signature database to
identify any threats which can block
the attacker or to alert a system
administrator.
product detect
Incident response
planning:
To be prepared to respond quickly
and efficiently to an attack
administrative compensate
Antivirus update
policy
To ensure that procedures and
process are in place to have current
updated software installed.
administrative prevent